Foundations of CentOS Linux Ebook free download

  ® THE EXPERT’S VOICE

  Foundations of CentOS Linux: Enterprise Linux On the Cheap

  A truly free enterprise alternative to Red Hat Enterprise Linux

  Ryan Baclit, Chivas Sicam, Peter Membrey, and John Newbigin

  Foundations of CentOS Linux: Enterprise Linux On the Cheap

  Copyright © 2009 by Ryan Baclit, Chivas Sicam, Peter Membrey, and John Newbigin

  All rights reserved. No part of this work may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage or retrieval system, without the prior written permission of the copyright owner and the publisher.

  The Evolution Mail Client logo is a copyright of Evolution project and was printed with permission.

  ISBN-13 (pbk): 978-1-4302-1964-4

  ISBN-13 (electronic): 978-1-4302-1965-1

  Printed and bound in the United States of America 9 8 7 6 5 4 3 2 1

  Trademarked names may appear in this book. Rather than use a trademark symbol with every occurrence of a trademarked name, we use the names only in an editorial fashion and to the benefit of the trademark owner, with no intention of infringement of the trademark.

  President and Publisher: Paul Manning

  Lead Editor: Frank Pohlmann

  Technical Reviewers: Peter Membrey and Ann Tan-Pohlmann

  Editorial Board: Clay Andres, Steve Anglin, Mark Beckner, Ewan Buckingham, Tony Campbell, Gary Cornell, Jonathan Gennick, Michelle Lowman, Matthew Moodie, Jeffrey Pepper, Frank Pohlmann, Ben Renow-Clarke, Dominic Shakeshaft, Matt Wade, Tom Welsh

  Coordinating Editor: Debra Kelly

  Copy Editors: James A. Compton, Heather Lang, Patrick Meader, and Sharon Terdeman

  Compositor: Bob Cooper

  Artist: April Milne

  Cover Designer: Anna Ishchenko

  Distributed to the book trade worldwide by Springer-Verlag New York, Inc., 233 Spring Street, 6th Floor, New York, NY 10013. Phone 1-800-SPRINGER, fax 201-348-4505, e-mail

  For information on translations, please e-mail Apress and friends of ED books may be purchased in bulk for academic, corporate, or promotional use. eBook versions and licenses are also available for most titles. For more information, reference our Special Bulk Sales—eBook Licensing web page at

  The information in this book is distributed on an “as is” basis, without warranty. Although every precaution has been taken in the preparation of this work, neither the author(s) nor Apress shall have any liability to any person or entity with respect to any loss or damage caused or alleged to be caused directly or indirectly by the information contained in this work.

  The source code for this book is available to readers at


  

I dedicate this book to all current and future users of Linux.

  

— Ryan Baclit

To Anna. May all your dreams come true.

  

— Chivas Sicam

For my granddad, Bill “Pappy” Membrey. Without his unwavering support and guidance (not to mention patience), I would not be where I am today.

  

— Peter Membrey

To my fiancée, Jenna.

  

— John Newbigin

Contents at a Glance

  

About the Authors

About the Technical Reviewer

Chapter 1: Installation

Chapter 2: BASH

Chapter 3: Client/Host Configuration

Chapter 4: Data Storage Management

Chapter 5: User Management

Chapter 6: X Window System

Chapter 7: Package Management

Chapter 8: Basic Linux Security

Chapter 10: Network Security

Chapter 11: Network Services

Chapter 12: Open Source Databases

Chapter 13: Linux Web Services

Chapter 14: File Sharing Services

Chapter 15: Linux Mail Servers

Chapter 16: Directory Services

Chapter 17: The Linux Kernel

Chapter 18: Linux Virtualization

Chapter 19: Linux Troubleshooting

Index

Contents

About the Authors

About the Technical Reviewer

  

Chapter 1: Installation

  

Preinstallation Steps

Troubleshooting

  

Chapter 2: BASH

  

Working with the Command-Line Interface

The Linux Filesystem

Listing the Contents of a Directory

Absolute and Relative Paths

Renaming and Moving Files

Creating and Viewing Text Files

Text Processing

Redirection

Getting Help

Creating and Running Your Own Script

  

Chapter 3: Client/Host Configuration

  

The Boot Process

Kernel, Init, and Runlevels

Keyboard Settings

Date and Time Settings

Graphics Settings

Summary

Chapter 4: Data Storage Management

Provisioning a New Hard Drive

Understanding RAID Types and Levels

RAID 1

Checking on RAID

Understanding How LVM Works

Physical Volumes

Making Sure Your Volumes Work

Summary

Chapter 5: User Management

Managing Users and Groups with the Graphical Interface

Changing User Properties

Adding a Group

Deleting a Group

Adding a User

Deleting a User

Changing Group Properties

Implementing Disk Quotas

Setting Up the Quota Files

Setting Grace Periods

Enabling Quotas

Setting Resource Limits

Chapter 6: X Window System

X.Org

xorg.conf

The Device Section

The ServerLayout Section

The GNOME Desktop

Applications

System

Launchers

Bottom Panel

XDMCP Remote Connections

Reloading Options with gdmflexiserver

Requesting an X Session with XDMCP

XDMCP with X Query

XDMCP with Xnest

Summary

Chapter 7: Package Management

Upgrading a Package

Querying a Package

Source RPMs

The rpmbuild Command

YUM

Removing Packages with YUM

Searching Packages with YUM

Creating Repositories for YUM

Chapter 8: Basic Linux Security

System Logger

Selectors

Detecting Intruders with the System Logger

Using crontab

Working with the crontab File

Browsing Available Tasks

Pluggable Authentication Modules

servicename

Control

Testing PAM

Finding Other PAM Modules

Chapter 9: Advanced Security

Using Digital Certificates

Deploying Certificates

Configuration Files

Certificate File Formats

Go Wild

Monitoring the filesystem with RPM

Monitoring the Network with Netfilter

Why Use SELinux

SELinux Policy

Booleans

Interactive Users

  

Chapter 10: Network Security

  

The Firewall

An Advanced Firewall

Viewing the Current Firewall

Using CentOS as a Router

Handling Complex Protocols with netfilter

Centralized Logging

Configuring the Client to Send Logs

  

Chapter 11: Network Services

  

OpenSSH

Connecting to the OpenSSH Server

OpenSSH Keys

Getting the Fingerprint Value

Making Your Own Keys

The DHCP Server

The DHCP Configuration File

Organizing with Groups

Client-Server Mode

Broadcast Mode

DNS

Name Resolution

rndc-confgen

named

The Contents of rndc.conf

Caching DNS

dig

Configuring a Caching DNS

Configuring a Slave DNS

Reverse Lookup

Installing Squid

The visible_hostname directive

ACLs and ACL-operators

How ACL-operators Work

More Squid

Chapter 12: Open Source Databases

ACID

Setting Up MySQL

Running the MySQL Server

MySQL Monitor

Creating a Database

Adding a User

Granting Privileges

Getting a List of Available Databases

Restoring Databases Using Backups

Customizing the MySQL Server Configuration

Setting up PostgreSQL

PostgreSQL Interactive Terminal

PostgreSQL Roles

Removing a User

Dropping a Database

Granting Privileges to Objects

Changing Role Attributes

Creating Database Backups

Configuring PostgreSQL

CRUD and Databases

Verifying the Newly Created Tables

Adding Entries to the Table

Updating

Summary

  

Chapter 13: Linux Web Services

Apache Web Server

Testing Apache

The Apache Configuration File

Commonly Used Directives

Section 2: Main Server Configuration

DirectoryIndex

ScriptAlias

Virtual Hosts

IP-Based and Name-Based Virtual Hosting

Configuring Name-Based Virtual Hosting

Secure Apache with SSL

Startup Without a Passphrase

Chapter 14: File Sharing Services

Very Secure FTP Daemon

Configuring vsftpd

vsftpd.conf

user_list

NFS

Sharing a Directory Using NFS

Mounting a Shared Directory As the Client

Using exportfs

Setting Up a Samba Server

Configuring Samba

smbusers

smb.conf

server string

passdb backend

Testing the Samba Stand-Alone Server

Sharing a Printer

Configuring Samba to Share a Printer

Summary

  

Chapter 15: Linux Mail Servers

  

Basic Email Concepts

Mail Transfer Agent

POP3 and IMAP

Sending Email with Sendmail

sendmail.mc

The Sendmail Administrative Configuration Files

aliases

The trusted-users File

mailertable

Installing Postfix

Sending Email with Postfix

Postfix Administrative Configuration Files

aliases

transport

canonical

Mail Servers and DNS

Installing Dovecot

Configuration Options

ssl_cert_file

ssl_key_password

Configuring Dovecot for Maildir

Checking the IMAP Maildir contents

Checking the POP3 Maildir contents

Using Evolution with OpenSSL

Summary

Chapter 16: Directory Services

The Need for Unified Authentication

Setting up NIS

Creating Your First Domain

The NIS Client

yp.conf

Testing the Setup

NIS Utilities

ypcat

yppasswd

Using NIS with NFS

Setting up OpenLDAP

ldap.conf

Modules

Your First Database

LDIF Format

Adding Entries with ldapadd

Changing Entries with ldapmodify

Creating a Backup

Installing Perl Modules

The nss_ldap Configuration File

nsswitch.conf

OpenLDAP Client Configuration File

Smbldap-tools

smbldap_bind.conf

Joining the DCTOYS Domain Controller

Troubleshooting Tactics

  Pitfall #2: Cannot start the Samba server properly because only the nmbd process is running

Chapter 17: The Linux Kernel

  History of the Linux Kernel
  Kernel Modules
  insmod
  modprobe.conf
  rmmod
  blacklist
  Getting a New Linux Kernel
  Preparing to Configure the New Linux Kernel
  Configuring the Kernel with the Command Line
  Configuring the Kernel with menuconfig
  Building the Kernel
  Making the Boot Loader Initialized RAM Disk
  Your Turn

Chapter 18: Linux Virtualization

  Understanding Virtualization
  Xen
  Full Virtualization
  Operating System Virtualization
  Hardware Requirements
  The xend Daemon
  xend-config.sxp
  qemu-ifup
  Checking Dom-0
  Preparing the Installation Media
  Understanding the Guest Configuration File
  Connecting to a Guest
  Using virt-viewer
  Shutting Down a Guest
  Cloning a Guest
  Summary

  

Chapter 19: Linux Troubleshooting

  

  The CentOS Rescue Environment
  Troubleshooting Checklist
  Bootloader Was Overwritten
  Skipping /mnt/sysimage
  Mounting Logical Volumes
  Single-User Mode
  My New Kernel Is Stuck!
  Summary

Index


About the Authors

  Ryan Baclit started to use Linux during his college days at De La Salle University. His natural interest in computer technology prompted him to study the operating system and its tools. Knowing that he needed to learn more about open source technology to advance in Linux and the proper use of open source tools, he enrolled in Bluepoint Institute of Higher Technology’s Total Linux course in 2005. After graduating, he eventually became an instructor at that institute. As an instructor, he usually teaches open source programming tools like Bash shell scripting and software analysis and design with UML. When not playing with Linux, he studies manga illustration, reads manga, and collects anime toys.

  Chivas Sicam works as an entrepreneur and IT consultant. Chivas takes pride in being part of the DOST-ASTI (Department of Science and Technology Advanced Science and Technology Institute) Bayanihan Linux project. His team has advocated the use of open source software for the computing needs of government agencies, schools, and small and medium-size enterprises in the Philippines. He also scored 100% in his RHCE exam in March 2005. He enjoys technology, road trips, and keeping up-to-date on news of the Utah Jazz.

  Peter Membrey lives in Hong Kong and is actively promoting open source in all its various forms and guises, especially in education. He has had the honor of working for Red Hat and received his first RHCE at the tender age of 17. He is now a Chartered IT Professional and one of the world’s first professionally registered ICT Technicians. Currently studying for a master’s degree in IT, he hopes to study locally and earn a PhD in the not-too-distant future. He lives with his wife, Sarah, and is desperately trying (and sadly failing) to come to grips with Cantonese.

  John Newbigin has been passionate about Linux for more than 10 years. In that time he has channeled much of his enthusiasm into writing a number of tools and utilities. Ironically it is his Windows programs such as RawWrite for Windows and Explore2fs that have generated the most interest, though they all help to bring Linux to a larger audience.

  John’s involvement with CentOS dates back to the early days when it was still part of the CAOS Foundation. From late 2003 until mid-2009 when the product was retired, John was the CentOS-2 lead developer. He still helps out on the other releases where possible.

  In between working on CentOS and his other programs, John still finds time for his day job as a Linux systems administrator, where he continues to find new and exciting ways to use Linux networking, file systems, and security.


About the Technical Reviewer

  Ann Tan-Pohlmann has experience in many fields, including slinging regular expressions, watching Linux servers, writing telecom billing systems, being an obsessive-compulsive spreadsheet user, and arguing about machine learning. She is learning Italian, has forgotten most of her Mandarin, trains cats using Cat-Kwan-Do, and sings Videoke to survive the Manila night. She currently does GUI development for a telecom testing company in her day job.